Getting Started with Cybersecurity
SOURCE for above statistics: edtechstrategies.com/map
2 Incidents per week: Since 2016, U.S. K-12 school districts have experienced more than
two cyber incidents per week on average.
Fastest growing cyber incidents in
K12 schools
Most common cyber incidents in
K12 schools
The percent of cyber incidents involving K-12 schools due to the actions of school staff and/or students of those schools, sometimes resulting in criminal charges.
Incidents growing exponentially: Right now, we are on pace in 2017 to see
more than double the number of K-12 cyber incidents experienced in 2016.
[Chart labels: Hacks + Unauthorized Data Breaches/Disclosures; Successful phishing attacks; 2016, 2017]
What Should SCHOOLS Do?
Put reasonable protections in place, realize nothing is 100% breach proof.
Where should districts start to get the biggest improvement in security?
• Patch software and operating systems, and be ready to abandon software when it becomes obsolete
• Educate district staff about social engineering
• TRAIN, TRAIN, TRAIN! Make sure everyone knows security awareness is their job and who to talk to if they make a mistake
• Build a sustainable, long-range plan for security. Besides consistent training, create a rotation of other areas of security like technical hardware refreshes, application reviews/updates, assessing which vendors may have VPN access to your network, etc.
• Utilize resources like Department of Homeland Security (DHS) and Multi-State Information Sharing and Analysis Center (MS-ISAC). They provide free monitoring and will help remediate in some cases; they have a host of resources and tools
Checklist for YOUR school. To get started, make sure your school has:
❏ Patched software systems and abandoned obsolete software
❏ Trained everyone so they know security awareness is part of their jobs
❏ Educated district staff about social engineering
❏ Built a sustainable, long-range plan for security
❏ Utilized resources that provide free monitoring for your school
More information can be found at CoSN.org
What Should DISTRICTS Do?
TECHNOLOGY Preparedness
Put technology appliances in place:
• Firewall
• DMZ: a “demilitarized zone” or subnetwork that contains and exposes the district’s external services to the Internet
• Make sure all your operating systems are up to date
Put security processes in place:
• Traffic inspection
• Backups: Invest in hyperconvergence and robust disaster recovery systems
• Effective and up-to-date anti-virus
• Automated patching and maintenance
• Have a vendor or 3rd party partner audit district security
• Role-based permissions (defined by network access role): give each person the least amount of access possible to do their job, at the appropriate access level
• Password change schedule
• In case of network interruption, have a prioritized list of essential systems that need to be restored or started up again in order to keep your district afloat.
• Implement change management to ensure that you know what is approved for change and what is not
• Conduct tabletop exercises
PEOPLE Preparedness
• Minimize the staff’s ability to be compromised
• Training
• Security awareness (every month)
> Social engineering
> Phishing: General and spear phishing
> Who to tell when something goes wrong (“oops I clicked the link!”)
• Password management
> Balance usability and security
> Consider implementing 2-factor authentication
• Practice: Have department drills around specific security incidents
• Consider outsourcing some security tasks if capacity is an issue
BREACH Preparedness
• Have a conversation with your insurer before you have an event to understand your responsibilities
> Purchase a policy that also includes forensic work
> Consider hiring a firm on retainer so they can provide immediate assistance when needed
• Consider having a breach coach - a breach coach works with the insurance carrier to triage the event and help districts navigate the process, including notification requirements
• Work with your communications department for messages to your staff/community
• Prepare document templates ahead of time
• Know where your data is and what is protected class data, i.e., PII, Special Ed status, medical status
INCIDENT DETECTION + RESPONSE
• Have a baseline of what a normal day looks like to compare with current operation
• Have the tools at your disposal to troubleshoot the incident
> IT management software and monitoring tools
> Good SNMP reporting system
> Have reports ready to go (e.g. is the switch down or exceeding threshold, are ports exceeding their throughput threshold, are non-standard ports being contacted, etc.)
> Consider a Security Incident Event Management system
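As an added illustration (not part of the original CoSN handout), the report checks listed above can be run against a stored "normal day" baseline like this. The port names, readings, threshold rule and list of standard ports are constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample data: peak throughput (Mbps) per switch port on five normal days.
BASELINE_MBPS = {
    "sw1/gi0/1": [110, 120, 115, 118, 112],
    "sw1/gi0/2": [40, 42, 38, 41, 39],
}
# Assumption: destination ports this district treats as standard.
STANDARD_PORTS = {53, 80, 123, 443}

# Constructed current readings, shaped like SNMP poll results and flow records.
CURRENT_POLL = {
    "sw1/gi0/1": {"oper_status": "up", "mbps": 117},
    "sw1/gi0/2": {"oper_status": "up", "mbps": 95},
    "sw2/gi0/1": {"oper_status": "down", "mbps": 0},
}
CURRENT_FLOWS = [
    {"src": "10.1.4.20", "dst_port": 443},
    {"src": "10.1.4.31", "dst_port": 6667},
    {"src": "10.1.4.31", "dst_port": 6667},
    {"src": "10.1.7.12", "dst_port": 53},
]

def throughput_limit(samples, sigmas=3.0, floor_mbps=5.0):
    """Baseline mean plus N standard deviations, with a floor for very flat baselines."""
    return mean(samples) + max(sigmas * pstdev(samples), floor_mbps)

def build_report(baseline, poll, flows, standard_ports):
    """Return (kind, subject, value) findings for the three checks named in the text."""
    findings = []
    for port, reading in sorted(poll.items()):
        if reading["oper_status"] != "up":
            findings.append(("DOWN", port, None))
        elif port not in baseline:
            # No normal-day history yet, so the reading cannot be judged.
            findings.append(("NO_BASELINE", port, reading["mbps"]))
        elif reading["mbps"] > throughput_limit(baseline[port]):
            findings.append(("OVER_THRESHOLD", port, reading["mbps"]))
    # Count contacts to non-standard ports per (source, destination port) pair.
    odd = Counter((f["src"], f["dst_port"]) for f in flows
                  if f["dst_port"] not in standard_ports)
    for (src, dst_port), count in sorted(odd.items()):
        findings.append(("NON_STANDARD_PORT", f"{src}->{dst_port}", count))
    return findings

if __name__ == "__main__":
    for finding in build_report(BASELINE_MBPS, CURRENT_POLL, CURRENT_FLOWS, STANDARD_PORTS):
        print(finding)
```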
ASSET MANAGEMENT
• Know your assets and devices
• Know where your data is for recovery purposes
PUBLIC RELATIONS
• Have communications plans established in advance
> Don’t use alarming words or phrases
> Build response templates for common incidents
Together, we can help keep our schools safer!